Intune – You can now continue Autopilot Hybrid Azure AD Join process even if your AD domain is not reachable

By now, you already know Intune/Endpoint Configuration Manager Autopilot, which allows you to give your end users new devices without having to build them (or even get them refreshed).

You may already know that you can also perform an Azure Active Directory Hybrid Join process (that is, registering the device both in Azure AD and in your on-premises Active Directory).

Well, this process has been improved with an option called Skip AD connectivity check, which allows the Autopilot onboarding process to continue even when your on-premises domain is not reachable (which may happen because the VPN connection is not working properly or because the traffic required for AD domain join is not allowed through the VPN).

To be able to use this new capability, you need to create or edit a User Driven\Hybrid Azure AD joined Autopilot profile by logging in to your Intune/Endpoint Configuration Manager portal and accessing the Devices\Enroll Devices\Windows Enrollment blade.


Then open Deployment Profiles for Autopilot to create a User Driven Autopilot profile or edit an existing one.


There, the option to continue even if the connection to an AD domain is not established is available at Step 2 – Out of the box experience (OOBE).


Benoit Hamet
Benoit is working on Microsoft collaborative technologies. He has been awarded as MVP for more than 12 years. Currently MVP on Office 365 after being awarded on SharePoint (2011-2012) and Windows client & server (2002-2007). Speaker at various Microsoft events (TechDays, TechNet seminars) and Quest Software. He works on on-premises (Active Directory, RADIUS/NPS, Exchange, Skype for Business, SharePoint, SQL, Terminal Server, Windows client and Windows Server) or online (Azure, Intune, Office 365, Exchange Online, SharePoint Online, Skype for Business Online, Teams) technologies.